Scribe Security releases new platform enhancement supporting SSDF and SLSA compliance to boost software supply chain security
TEL AVIV, Israel, Feb. 15, 2023 /PRNewswire/ -- Scribe Security, a software supply chain security solution provider, announced today the release of a new capability within its SaaS Trust Hub designed to help organizations better understand and comply with the NIST SP 800-218 (SSDF) and SLSA frameworks, two emerging standards for the software supply chain. Scribe users (currently on GitHub and soon on additional SCMs) can now not only apply a policy over attestations to ensure secure development and build processes or validate that tampering hasn't taken place, but also gauge compliance with the SSDF, the basis for the new U.S. cyber regulation, and with the SLSA framework, developed by Google and adopted by the OpenSSF.
- In recent years, high-profile software supply chain attacks have caused significant damage to organizations.
- These attacks have highlighted the need for better security practices to address the software supply chain risk.
- Emerging standards such as SSDF and SLSA provide guidance on how to secure the software supply chain.
- "We conduct a rule-based evaluation to determine the protection level of the source code based on the well-known CIS Software Supply Chain Security benchmark combined with some elements from SLSA."